From vbart at nginx.com Thu Feb 7 16:53:32 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 07 Feb 2019 19:53:32 +0300 Subject: [nginx-announce] unit-1.7.1 Message-ID: <4534335.PeeXIM3HiT@vbart-workstation> Hi, This is a bugfix release of NGINX Unit that eliminates a security flaw. All versions of Unit from 0.3 to 1.7 are affected. Everybody is strongly advised to update to a new version. Changes with Unit 1.7.1 07 Feb 2019 *) Security: a heap memory buffer overflow might have been caused in the router process by a specially crafted request, potentially resulting in a segmentation fault or other unspecified behavior (CVE-2019-7401). *) Bugfix: install of Go module failed without prior building of Unit daemon; the bug had appeared in 1.7. Release of Unit 1.8 with support for internal request routing and an experimental Java module is planned for end of February. wbr, Valentin V. Bartenev From vbart at nginx.com Thu Feb 7 16:54:28 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 07 Feb 2019 19:54:28 +0300 Subject: [nginx-announce] unit security advisory (CVE-2019-7401) Message-ID: <3997170.Aaej2v5MRV@vbart-workstation> Hi, A security issue was identified in NGINX Unit, which might allow an attacker to cause a heap memory buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or other unspecified behavior (CVE-2019-7401). The issue affects Unit 0.3 - 1.7. The issue is fixed in Unit 1.7.1. wbr, Valentin V. Bartenev From mdounin at mdounin.ru Tue Feb 26 15:52:51 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Feb 2019 18:52:51 +0300 Subject: [nginx-announce] nginx-1.15.9 Message-ID: <20190226155251.GX1877@mdounin.ru> Changes with nginx 1.15.9 26 Feb 2019 *) Feature: variables support in the "ssl_certificate" and "ssl_certificate_key" directives. *) Feature: the "poll" method is now available on Windows when using Windows Vista or newer. *) Bugfix: if the "select" method was used on Windows and an error occurred while establishing a backend connection, nginx waited for the connection establishment timeout to expire. *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives in the stream module worked incorrectly when proxying UDP datagrams. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Tue Feb 26 16:12:31 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 26 Feb 2019 19:12:31 +0300 Subject: [nginx-announce] njs-0.2.8 Message-ID: <533afd74-ac15-87d6-4a40-8f8972413498@nginx.com> Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release proceeds to extend the coverage of ECMAScript specifications and modules functionality. - Added support for setting nginx variables. - Added support for delete operation in r.headersOut. - Properties of HTTP request deprecated in 0.2.2 were removed. - Added labels support. - Added support for shorthand property names for Object literals. : > var a = 1, b = 2 : undefined : > ({a, b}) : { : a: 1, : b: 2 : } You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.2.8 26 Feb 2019 nginx modules: *) Change: properties of HTTP request deprecated in 0.2.2 are removed. *) Feature: added support for delete operation in r.headersOut. *) Feature: added support for setting nginx variables. *) Bugfix: fixed r.subrequest() for empty body value. *) Improvement: setting special response headers in r.headersOut. Core: *) Feature: added labels support. *) Feature: added setImmediate() method. *) Feature: added support for shorthand property names for Object literals. *) Bugfix: fixed Function.prototype.bind(). *) Bugfix: fixed parsing of string literals containing newline characters. *) Bugfix: fixed line number in reporting variable reference errors. *) Bugfix: fixed creation of long UTF8 strings. *) Bugfix: fixed String.prototype.split() for unicode strings. *) Bugfix: fixed heap-buffer-overflow in String.prototype.split(). *) Bugfix: fixed Array.prototype.fill(). Thanks to Artem S. Povalyukhin. *) Improvement: code related to function invocation is refactored. Thanks to ??? (Hong Zhi Dao). *) Improvement: code related to variables is refactored. Thanks to ??? (Hong Zhi Dao). *) Improvement: parser is refactored. Thanks to ??? (Hong Zhi Dao). *) Improvement: reporting filenames in exceptions. From vbart at nginx.com Fri Mar 1 17:03:37 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Fri, 01 Mar 2019 20:03:37 +0300 Subject: [nginx-announce] unit-1.8.0 Message-ID: <3489855.qRZDNtMFhC@vbart-workstation> Hi, I'm glad to announce a new release of NGINX Unit. This release contains two big features that we have been working on diligently during the last months. Some of you wonder why listener sockets are separated from applications in Unit configuration API. That was done intentionally to introduce advanced routing between sockets and applications in the future, and this future is finally happening. Now you will be able to specify quite handy rules that will direct your requests to a particular application depending on various parameters. Please take a glance at the routing documentation: - https://unit.nginx.org/configuration/#routes Currently, it only supports internal routing by Host, URI, and method request parameters. In the following releases, available options are going to be expanded to allow matching arbitrary headers, arguments, cookies, source and destination addresses. We will also add regular expression patterns. In future releases, these routing abilities will be handy for issuing redirects and changing configuration on a per route basis. As usual with Unit, all routing changes are fully dynamic and gracefully done through its control API. The second feature is even bigger. We've merged the code that Maxim Romanov developed in a separate branch last year to support running applications leveraging certain technology described in the Java(tm) Servlet 3.1 (JSR-340) specification. This module is a BETA release as the module is untested and presumed incompatible with the JSR-340 specification. Now everybody can easily install it from our packages, try it with their Java applications, and leave us feedback. If you're a Jira user, please use this HowTo: - https://unit.nginx.org/howto/jira/ More documentation is available in Installation and Configuration sections: - https://unit.nginx.org/installation/ - https://unit.nginx.org/configuration/#java-application We intend to use our open-development process to refine and improve the software and to eventually test and certify the software's compatibility with the JSR-340 specification. Unless and until the software has been tested and certified, you should not deploy the software in support of deploying or providing Java Servlet 3.1 applications. You should instead deploy production applications on pre-built binaries that have been tested and certified to meet the JSR-340 compatibility requirements such as certified binaries published for the JSR-340 reference implementation available at https://javaee.github.io/glassfish/. * Java is a registered trademark of Oracle and/or its affiliates. Changes with Unit 1.8.0 01 Mar 2019 *) Change: now three numbers are always used for versioning: major, minor, and patch versions. *) Change: now QUERY_STRING is always defined even if the request does not include the query component. *) Feature: basic internal request routing by Host, URI, and method. *) Feature: experimental support for Java Servlet Containers. *) Bugfix: segmentation fault might have occurred in the router process. *) Bugfix: various potential memory leaks. *) Bugfix: TLS connections might have stalled. *) Bugfix: some Perl applications might have failed to send the response body. *) Bugfix: some compilers with specific flags might have produced non-functioning builds; the bug had appeared in 1.5. *) Bugfix: Node.js package had wrong version number when installed from sources. Our versioning scheme is actually always supposed to have the third version number, but the ".0" patch version was hidden. In order to avoid any possible confusion, it was decided to always show ".0" in version numbers. For those who are interested in running Unit on CentOS, Fedora, and RHEL with latest versions of PHP, the corresponding packages are now available in Remi's RPM repository: - https://unit.nginx.org/installation/#remi-s-rpm-repo Many kudos to Remi Collet for collaboration. Note also that our technical writer Artem Konev has recently added more HowTos to the site about configuring various applications, including WordPress, Flask, and Django-based ones: - https://unit.nginx.org/howto/ He will continue discovering and writing instructions for other applications. If you're interested in some specific use cases and applications, please don't hesitate to leave a feature request on the documentation GitHub: - https://github.com/nginx/unit-docs/issues In the following releases, we will continue improving routing capabilities and support for Java applications. Among other big features we're working on are WebSockets support and serving static media assets. Stay tuned, give feedback, and help us to create the best software ever. wbr, Valentin V. Bartenev From mdounin at mdounin.ru Tue Mar 26 14:25:54 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Mar 2019 17:25:54 +0300 Subject: [nginx-announce] nginx-1.15.10 Message-ID: <20190326142554.GF1877@mdounin.ru> Changes with nginx 1.15.10 26 Mar 2019 *) Change: when using a hostname in the "listen" directive nginx now creates listening sockets for all addresses the hostname resolves to (previously, only the first address was used). *) Feature: port ranges in the "listen" directive. *) Feature: loading of SSL certificates and secret keys from variables. *) Workaround: the $ssl_server_name variable might be empty when using OpenSSL 1.1.1. *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or newer; the bug had appeared in 1.15.9. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Tue Mar 26 16:29:25 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 26 Mar 2019 19:29:25 +0300 Subject: [nginx-announce] njs-0.3.0 Message-ID: Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release proceeds to extend the coverage of ECMAScript specifications and modules functionality. - Added initial ES6 modules support: : // module.js : function sum(a, b) {return a + b} : export default {sum}; : // shell : > import m from 'module.js' : undefined : > m.sum(3, 4) : 7 You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.0 26 Mar 2019 nginx modules: *) Feature: added js_path directive. *) Change: returning undefined value instead of empty strings for absent properties in the following objects: r.args, r.headersIn, r.headersOut, r.variables, s.variables. *) Change: returning undefined value instead of throwing an exception for r.requestBody when request body is unavailable. *) Bugfix: fixed crash while iterating over r.args when a value is absent in a key-value pair. Core: *) Feature: added initial ES6 modules support. Default import and default export statements are supported. Thanks to ??? (Hong Zhi Dao). *) Feature: added Object.prototype.propertyIsEnumerable(). *) Feature: reporting file name and function name in disassembler output. *) Bugfix: fixed function redeclarations in interactive shell. Thanks to ??? (Hong Zhi Dao). *) Bugfix: fixed RegExp literals parsing. *) Bugfix: fixed setting length of UTF8 string in fs.readFileSync(). *) Bugfix: fixed nxt_file_dirname() for paths with no dir component. From mdounin at mdounin.ru Tue Apr 9 13:14:05 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 9 Apr 2019 16:14:05 +0300 Subject: [nginx-announce] nginx-1.15.11 Message-ID: <20190409131405.GQ1877@mdounin.ru> Changes with nginx 1.15.11 09 Apr 2019 *) Bugfix: in the "ssl_stapling_file" directive on Windows. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Apr 16 15:10:11 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 16 Apr 2019 18:10:11 +0300 Subject: [nginx-announce] nginx-1.15.12 Message-ID: <20190416151011.GU1877@mdounin.ru> Changes with nginx 1.15.12 16 Apr 2019 *) Bugfix: a segmentation fault might occur in a worker process if variables were used in the "ssl_certificate" or "ssl_certificate_key" directives and OCSP stapling was enabled. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Tue Apr 16 15:50:45 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 16 Apr 2019 18:50:45 +0300 Subject: [nginx-announce] njs-0.3.1 Message-ID: <4107745a-7883-f6e8-4d04-217feb98919e@nginx.com> Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release proceeds to extend the coverage of ECMAScript specifications and modules functionality. - Added ES6 arrow functions support: : > var materials = ['Hydrogen', 'Helium', 'Lithium'] : undefined : > materials.map(material => material.length) : [ : 8, : 6, : 7 : ] : r.subrequest('/foo', rep => r.return(rep.status, rep.responseBody)) You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.1 16 Apr 2019 Core: *) Feature: added arrow functions support. Thanks to ??? (Hong Zhi Dao) and Artem S. Povalyukhin. *) Feature: added Object.getOwnPropertyNames(). Thanks to Artem S. Povalyukhin. *) Feature: added Object.getOwnPropertyDescriptors(). Thanks to Artem S. Povalyukhin. *) Feature: making __proto__ accessor descriptor of Object instances mutable. *) Feature: added shebang support in CLI. *) Feature: added support for module mode execution in CLI. In module mode global this is unavailable. *) Bugfix: fixed editline detection. *) Bugfix: fixed Function.prototype.bind(). Thanks to ??? (Hong Zhi Dao). *) Bugfix: fixed checking of duplication of parameters for functions. Thanks to ??? (Hong Zhi Dao). *) Bugfix: fixed function declaration with the same name as a variable. Thanks to ??? (Hong Zhi Dao). *) Improvement: code related to parsing of objects, variables and functions is refactored. Thanks to ??? (Hong Zhi Dao). *) Improvement: console.log() improved for outputting large values. *) Improvement: console.log() improved for outputting strings in a compliant way (without escaping and quotes). *) Improvement: using ES6 version of ToInt32(), ToUint32(), ToLength(). From mdounin at mdounin.ru Tue Apr 23 14:09:01 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 23 Apr 2019 17:09:01 +0300 Subject: [nginx-announce] nginx-1.16.0 Message-ID: <20190423140901.GI1877@mdounin.ru> Changes with nginx 1.16.0 23 Apr 2019 *) 1.16.x stable branch. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue May 21 14:39:35 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 21 May 2019 17:39:35 +0300 Subject: [nginx-announce] nginx-1.17.0 Message-ID: <20190521143935.GN1877@mdounin.ru> Changes with nginx 1.17.0 21 May 2019 *) Feature: variables support in the "limit_rate" and "limit_rate_after" directives. *) Feature: variables support in the "proxy_upload_rate" and "proxy_download_rate" directives in the stream module. *) Change: minimum supported OpenSSL version is 0.9.8. *) Change: now the postpone filter is always built. *) Bugfix: the "include" directive did not work inside the "if" and "limit_except" blocks. *) Bugfix: in byte ranges processing. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Tue May 21 16:18:41 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 21 May 2019 19:18:41 +0300 Subject: [nginx-announce] njs-0.3.2 Message-ID: Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release mostly focuses on stability issues in njs core after regular fuzzing tests were introduced. Notable new features: - Added ES6 template literals support: : > var a = "Template", b = "literals" : undefined : > `${a} ${b.toUpperCase()}!` : 'Template LITERALS!' - Added ES9 RegExp "groups" object support: : > /(?(?no)?(?yes)?)/.exec('yes').groups { no: undefined, r: 'yes', yes: 'yes' } You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.2 21 May 2019 Core: *) Feature: added support for template literals. Thanks to ??? (Hong Zhi Dao) and Artem S. Povalyukhin. *) Feature: executing command from command line arguments. *) Feature: added support for RegExp "groups" object (ES9). *) Feature: added block scoped function definitions support. *) Feature: added support for building with GNU Readline library. *) Feature: made configurable "length", "name", and most of built-in methods. *) Feature: made all constructor properties configurable. *) Bugfix: fixed Regexp.prototype.exec() for Unicode-only regexps. *) Bugfix: fixed njs_vm_value_dump() for empty string values. *) Bugfix: fixed RegExp constructor for regexp value arguments. *) Bugfix: fixed walking over prototypes chain during iteration over an object. *) Bugfix: fixed overflow in Array.prototype.concat(). *) Bugfix: fixed length calculation for UTF-8 string with escape characters. *) Bugfix: fixed parsing surrogate pair presents as UTF-16 escape sequences. *) Bugfix: fixed processing asterisk quantifier for String.prototype.match(). *) Bugfix: fixed Date() constructor with one argument. *) Bugfix: fixed arrays expansion. *) Bugfix: fixed heap-buffer-overflow in String.prototype.replace(). *) Bugfix: fixed heap-buffer-overflow in String.prototype.lastIndexOf(). *) Bugfix: fixed regexp literals parsing with escaped backslash and backslash in square brackets. *) Bugfix: fixed regexp literals with lone closing brackets. *) Bugfix: fixed uninitialized-memory-access in Object.defineProperties(). *) Bugfix: fixed processing "*" quantifier for String.prototype.replace(). *) Bugfix: fixed Array.prototype.slice() for UTF8-invalid byte strings. *) Bugfix: fixed String.prototype.split() for UTF8-invalid byte strings. *) Bugfix: fixed handling of empty block statements. From vbart at nginx.com Thu May 30 16:33:21 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 30 May 2019 19:33:21 +0300 Subject: [nginx-announce] unit-1.9.0 Message-ID: <2417071.dcYHDhKaYi@vbart-workstation> Hi, I'm glad to announce a new release of NGINX Unit. In this release, we continue improving routing capabilities for more advanced and precise request matching. Besides that, the control API was extended with POST operations to simplify array manipulation in configuration. Please check the documentation about new features: - Matching rules: https://unit.nginx.org/configuration/#condition-matching - API operations: https://unit.nginx.org/configuration/#configuration-management If you prefer to perceive information visually, here's a recording of NGINX Meetup that gives a good overview of dynamic application routing, although doesn't discuss new features from this release: - https://www.youtube.com/watch?v=5O4TjbbxTxw Also, a number of annoying bugs were fixed; thanks to your feedback, the Node.js module now works fine with more applications. Changes with Unit 1.9.0 30 May 2019 *) Feature: request routing by arguments, headers, and cookies. *) Feature: route matching patterns allow a wildcard in the middle. *) Feature: POST operation for appending elements to arrays in configuration. *) Feature: support for changing credentials using CAP_SETUID and CAP_SETGID capabilities on Linux without running main process as privileged user. *) Bugfix: memory leak in the router process might have happened when a client prematurely closed the connection. *) Bugfix: applying a large configuration might have failed. *) Bugfix: PUT and DELETE operations on array elements in configuration did not work. *) Bugfix: request schema in applications did not reflect TLS connections. *) Bugfix: restored compatibility with Node.js applications that use ServerResponse._implicitHeader() function; the bug had appeared in 1.7. *) Bugfix: various compatibility issues with Node.js applications. With this release, packages for Ubuntu 19.04 "disco" are also available. See the website for a full list of available repositories: - https://unit.nginx.org/installation/ Meanwhile, we continue working on WebSocket support. It's almost ready and has great chances to be included in the next release for Node.js and Java modules. Work on proxying and static files serving is also in progress; this will take a bit more time. wbr, Valentin V. Bartenev From mdounin at mdounin.ru Tue Jun 25 12:34:45 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Jun 2019 15:34:45 +0300 Subject: [nginx-announce] nginx-1.17.1 Message-ID: <20190625123444.GV1877@mdounin.ru> Changes with nginx 1.17.1 25 Jun 2019 *) Feature: the "limit_req_dry_run" directive. *) Feature: when using the "hash" directive inside the "upstream" block an empty hash key now triggers round-robin balancing. Thanks to Niklas Keller. *) Bugfix: a segmentation fault might occur in a worker process if caching was used along with the "image_filter" directive, and errors with code 415 were redirected with the "error_page" directive; the bug had appeared in 1.11.10. *) Bugfix: a segmentation fault might occur in a worker process if embedded perl was used; the bug had appeared in 1.7.3. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Tue Jun 25 15:32:37 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 25 Jun 2019 18:32:37 +0300 Subject: [nginx-announce] njs-0.3.3 Message-ID: <80A2788A-B8B8-4A57-BBD4-AAF02C168FD7@nginx.com> Hello, I?m glad to announce a new release of NGINX JavaScript module (njs). This release mostly focuses on stability issues in njs core after regular fuzzing tests were introduced. Notable new features: - Added ES5 property getter/setter runtime support: : > var o = {a:2}; : undefined : > Object.defineProperty(o, ?b?, {get:function(){return 2*this.a}}); o.b : 4 - Added global ?process? variable: : > process.pid : > process.env.HOME You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.3 25 Jun 2019 nginx modules: *) Improvement: getting of special response headers in headersOut. *) Improvement: working with unknown methods in r.subrequest(). *) Improvement: added support for null as a second argument of r.subrequest(). *) Bugfix: fixed processing empty output chain in stream body filter. Core: *) Feature: added runtime support for property getter/setter. Thanks to ??? (Hong Zhi Dao) and Artem S. Povalyukhin. *) Feature: added ?process? global object. *) Feature: writable most of built-in properties and methods. *) Feature: added generic implementation of Array.prototype.fill(). *) Bugfix: fixed integer-overflow in String.prototype.concat(). *) Bugfix: fixed setting of object properties. *) Bugfix: fixed Array.prototype.toString(). *) Bugfix: fixed Date.prototype.toJSON(). *) Bugfix: fixed overwriting ?constructor? property of built-in prototypes. *) Bugfix: fixed processing of invalid surrogate pairs in strings. *) Bugfix: fixed processing of invalid surrogate pairs in JSON strings. *) Bugfix: fixed heap-buffer-overflow in toUpperCase() and toLowerCase(). *) Bugfix: fixed escaping lone closing square brackets in RegExp() constructor. *) Bugfix: fixed String.prototype.toBytes() for ASCII strings. *) Bugfix: fixed handling zero byte characters inside RegExp pattern strings. *) Bugfix: fixed String.prototype.toBytes() for ASCII strings. *) Bugfix: fixed truth value of JSON numbers in JSON.parse(). *) Bugfix: fixed use-of-uninitialized-value in njs_string_replace_join(). *) Bugfix: fixed parseInt(?-0?). Thanks to Artem S. Povalyukhin. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Jul 23 12:23:09 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 23 Jul 2019 15:23:09 +0300 Subject: [nginx-announce] nginx-1.17.2 Message-ID: <20190723122309.GR1877@mdounin.ru> Changes with nginx 1.17.2 23 Jul 2019 *) Change: minimum supported zlib version is 1.2.0.4. Thanks to Ilya Leoshkevich. *) Change: the $r->internal_redirect() embedded perl method now expects escaped URIs. *) Feature: it is now possible to switch to a named location using the $r->internal_redirect() embedded perl method. *) Bugfix: in error handling in embedded perl. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if hash bucket size larger than 64 kilobytes was used in the configuration. *) Bugfix: nginx might hog CPU during unbuffered proxying and when proxying WebSocket connections if the select, poll, or /dev/poll methods were used. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: in the ngx_http_ssi_filter_module. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Tue Aug 13 16:10:33 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 13 Aug 2019 19:10:33 +0300 Subject: [nginx-announce] njs-0.3.4 Message-ID: Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release proceeds to extend the coverage of ECMAScript specifications. Apart from specs conformance fuzzing under Memory-Sanitizer is introduced which allowed to catch new types of bugs. Notable new features: - Shorthand method names (ES2015): : > ({foo(){return 123}}).foo() // ({foo:function(){return 123}}) : 123 - Computed property names (ES2015) : > ({['b' + 'ar']:123}).bar : 123 - added getter/setter literal support: : > ({get foo(){return 123}}).foo : 123 : > ({get ['f' + 'oo'](){return 123}}).foo : 123 You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.4 13 Aug 2019 Core: *) Feature: added Object shorthand methods and computed property names. Thanks to ??? (Hong Zhi Dao) and Artem S. Povalyukhin. *) Feature: added getter/setter literal support. Thanks to ??? (Hong Zhi Dao) and Artem S. Povalyukhin. *) Feature: added fs.renameSync(). *) Feature: added String.prototype.trimStart() and String.prototype.trimEnd(). *) Improvement: added memory-sanitizer support. *) Improvement: Unicode case tables updated to version 12.1. *) Improvement: added UTF8 validation for string literals. *) Bugfix: fixed reading files with zero size in fs.readFileSync(). *) Bugfix: extended the list of space separators in String.prototype.trim(). *) Bugfix: fixed using of uninitialized value in String.prototype.padStart(). *) Bugfix: fixed String.prototype.replace() for '$0' and '$&' replacement string. *) Bugfix: fixed String.prototype.replace() for byte strings with regex argument. *) Bugfix: fixed global match in String.prototype.replace() with regexp argument. *) Bugfix: fixed Array.prototype.slice() for primitive types. *) Bugfix: fixed heap-buffer-overflow while importing module. *) Bugfix: fixed UTF-8 character escaping. *) Bugfix: fixed Object.values() and Object.entries() for shared objects. *) Bugfix: fixed uninitialized memory access in String.prototype.match(). *) Bugfix: fixed String.prototype.match() for byte strings with regex argument. *) Bugfix: fixed Array.prototype.lastIndexOf() with undefined arguments. *) Bugfix: fixed String.prototype.substring() with empty substring. *) Bugfix: fixed invalid memory access in String.prototype.substring(). *) Bugfix: fixed String.fromCharCode() for code points > 65535 and NaN. *) Bugfix: fixed String.prototype.toLowerCase() and String.prototype.toUpperCase(). *) Bugfix: fixed Error() constructor with no arguments. *) Bugfix: fixed "in" operator for values with accessor descriptors. *) Bugfix: fixed Object.defineProperty() for non-boolean descriptor props. *) Bugfix: fixed Error.prototype.toString() with UTF8 string properties. *) Bugfix: fixed Error.prototype.toString() with non-string values for "name" and "message". From mdounin at mdounin.ru Tue Aug 13 17:03:59 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 13 Aug 2019 20:03:59 +0300 Subject: [nginx-announce] nginx-1.17.3 Message-ID: <20190813170358.GO1877@mdounin.ru> Changes with nginx 1.17.3 13 Aug 2019 *) Security: when using HTTP/2 a client might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). *) Bugfix: "zero size buf" alerts might appear in logs when using gzipping; the bug had appeared in 1.17.2. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used in SMTP proxy. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Aug 13 17:04:22 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 13 Aug 2019 20:04:22 +0300 Subject: [nginx-announce] nginx-1.16.1 Message-ID: <20190813170422.GS1877@mdounin.ru> Changes with nginx 1.16.1 13 Aug 2019 *) Security: when using HTTP/2 a client might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Tue Aug 13 17:04:46 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 13 Aug 2019 20:04:46 +0300 Subject: [nginx-announce] nginx security advisory (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) Message-ID: <20190813170446.GW1877@mdounin.ru> Hello! Several security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "listen" directive is used in a configuration file. The issues affect nginx 1.9.5 - 1.17.2. The issues are fixed in nginx 1.17.3, 1.16.1. Thanks to Jonathan Looney from Netflix for discovering these issues. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Thu Aug 15 17:06:55 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Thu, 15 Aug 2019 20:06:55 +0300 Subject: [nginx-announce] njs-0.3.5 Message-ID: This is a bugfix release that eliminates heap-use-after-free introduced in 0.3.4. What installations are affected: - Importing built-in modules (crypto, fs) using require(). You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.5 15 Aug 2019 Core: *) Bugfix: fixed module importing using require(). The bug was introduced in 0.3.4. *) Bugfix: fixed [[SetPrototypeOf]]. -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Thu Aug 22 19:56:26 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 22 Aug 2019 22:56:26 +0300 Subject: [nginx-announce] unit-1.10.0 Message-ID: <3322863.G6a9t8h2NG@vbart-laptop> Hi, I'm glad to announce a new release of NGINX Unit. This release includes a number of improvements in various language modules and, finally, basic handling of incoming WebSocket connections, currently only for Node.js. Next in line to obtain WebSocket support is the Java module; it's almost ready but requires some polishing. To handle WebSocket connections in your Node.js app via Unit, use the server object from the 'unit-http' module instead of the default one: var webSocketServer = require('unit-http/websocket').server; Another interesting and long-awaited feature in this release is the splitting of PATH_INFO in the PHP module. Now, Unit can properly handle requests like /app.php/some/path?some=args, which are often used to implement "user-friendly" URLs in PHP applications. Changes with Unit 1.10.0 22 Aug 2019 *) Change: matching of cookies in routes made case sensitive. *) Change: decreased log level of common errors when clients close connections. *) Change: removed the Perl module's "--include=" ./configure option. *) Feature: built-in WebSocket server implementation for Node.js module. *) Feature: splitting PATH_INFO from request URI in PHP module. *) Feature: request routing by scheme (HTTP or HTTPS). *) Feature: support for multipart requests body in Java module. *) Feature: improved API compatibility with Node.js 11.10 or later. *) Bugfix: reconfiguration failed if "listeners" or "applications" objects were missing. *) Bugfix: applying a large configuration might have failed. Please welcome our new junior developer, Axel Duch. For this release, he implemented scheme matching in request routing; now, he works to further extend the request routing capabilities with source and destination address matching. In parallel, Tiago Natel de Moura, who also joined the development recently, has achieved significant progress in the effort to add various process isolation features to Unit. You can follow his recent work on Linux namespaces support in the following pull request: - https://github.com/nginx/unit/pull/289 See also his email about the feature: - https://mailman.nginx.org/pipermail/nginx/2019-August/058321.html In the meantime, we are about to finish the first round of adding basic support for serving static media assets and proxying in Unit. Stay tuned! wbr, Valentin V. Bartenev From vbart at nginx.com Thu Sep 19 19:06:13 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 19 Sep 2019 22:06:13 +0300 Subject: [nginx-announce] unit-1.11.0 Message-ID: <32689242.2RWjmSj05t@vbart-workstation> Hi, I'm glad to announce a new release of NGINX Unit. This release improves the stability of Go applications and introduces three major features: 1. Ability to Serve Static Media Assets With this feature, we're only at the beginning of a long road to transform Unit into a full-fledged web server, capable of acting as a building block for web services of any kind. In this release, the support for static files is very simple; you can only specify the document root directory for Unit to handle: { "share": "/data/www/example.com" } Also, you can fine-tune MIME types: { "mime_types": { "text/plain": [ "readme", ".c", ".h" ], "application/msword": ".doc" } } Use encoding to access object members with names that contain "/" characters directly by their URI: GET /config/settings/http/static/mime_types/text%2Fplain/ See the documentation for details: - https://unit.nginx.org/configuration/#static-files In the upcoming releases, we'll extend this area of functionality to handle more use cases in the most performant manner. Unfortunately, basic proxying support did not make it to this release, as tests have revealed that it needs more work. There are excellent chances that the feature will be included in the next release in a month or so. 2. Application Isolation This capability increases the security of running applications, allowing to run them in isolated environments based on Linux namespaces. This is very similar to how Docker containers work. The configuration is pretty straightforward: you can customize the isolation level and configure UID/GID mapping between the host and the container: { "namespaces": { "credential": true, "pid": true, "network": true, "mount": false, "uname": true, "cgroup": false }, "uidmap": [ { "container": 1000, "host": 812, "size": 1 } ], "gidmap": [ { "container": 1000, "host": 812, "size": 1 } ] } See the documentation for details: - https://unit.nginx.org/configuration/#process-isolation This feature was implemented by Tiago de Bem Natel de Moura, who has joined our team recently; he will continue working on security features hardening and container support of Unit. 3. WebSockets in Java Servlet Containers WebSocket connection offloading was first introduced in the previous release for Node.js only; now it's extended to JSC as well. We will continue advancing application language support further to provide equally broad opportunities, whichever language you may prefer. Changes with Unit 1.11.0 19 Sep 2019 *) Feature: basic support for serving static files. *) Feature: isolation of application processes with Linux namespaces. *) Feature: built-in WebSocket server implementation for Java Servlet Containers. *) Feature: direct addressing of API configuration options containing slashes "/" using URI encoding (%2F). *) Bugfix: segmentation fault might have occurred in Go applications under high load. *) Bugfix: WebSocket support was broken if Unit was built with some linkers other than GNU ld (e.g. gold or LLD). That's all for this release. Try, test, leave feedback, and stay tuned! wbr, Valentin V. Bartenev From mdounin at mdounin.ru Tue Sep 24 15:16:57 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 24 Sep 2019 18:16:57 +0300 Subject: [nginx-announce] nginx-1.17.4 Message-ID: <20190924151657.GU1877@mdounin.ru> Changes with nginx 1.17.4 24 Sep 2019 *) Change: better detection of incorrect client behavior in HTTP/2. *) Change: in handling of not fully read client request body when returning errors in HTTP/2. *) Bugfix: the "worker_shutdown_timeout" directive might not work when using HTTP/2. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. *) Bugfix: the ECONNABORTED error log level was "crit" instead of "error" on Windows when using SSL. *) Bugfix: nginx ignored extra data when using chunked transfer encoding. *) Bugfix: nginx always returned the 500 error if the "return" directive was used and an error occurred during reading client request body. *) Bugfix: in memory allocation error handling. -- Maxim Dounin http://nginx.org/ From vbart at nginx.com Thu Oct 3 16:47:34 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 03 Oct 2019 19:47:34 +0300 Subject: [nginx-announce] unit-1.12.0 Message-ID: <2889670.up2fULrJRa@vbart-workstation> Hi, I'm glad to announce a new release of NGINX Unit. This is an ad-hoc release that focuses on fixing several annoying bugs and adds compatibility with the upcoming PHP 7.4, scheduled for release on November 28, 2019. Changes with Unit 1.12.0 03 Oct 2019 *) Feature: compatibility with PHP 7.4. *) Bugfix: descriptors leak on process creation; the bug had appeared in 1.11.0. *) Bugfix: TLS connection might be closed prematurely while sending response. *) Bugfix: segmentation fault might have occurred if an irregular file was requested. Regarding our plans for the near future, see our earlier announcement: - https://mailman.nginx.org/pipermail/unit/2019-September/000167.html To know more about some features introduced recently, you can follow posts about Unit in the official blog: - https://www.nginx.com/blog/tag/nginx-unit/ We also updated our Docker images with an initialization script that significantly simplifies the initial configuration of Unit daemon inside a container. Please check the documentation for instructions: - https://unit.nginx.org/installation/#initial-configuration wbr, Valentin V. Bartenev From mdounin at mdounin.ru Tue Oct 22 15:35:02 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 22 Oct 2019 18:35:02 +0300 Subject: [nginx-announce] nginx-1.17.5 Message-ID: <20191022153502.GW1877@mdounin.ru> Changes with nginx 1.17.5 22 Oct 2019 *) Feature: now nginx uses ioctl(FIONREAD), if available, to avoid reading from a fast connection for a long time. *) Bugfix: incomplete escaped characters at the end of the request URI were ignored. *) Bugfix: "/." and "/.." at the end of the request URI were not normalized. *) Bugfix: in the "merge_slashes" directive. *) Bugfix: in the "ignore_invalid_headers" directive. Thanks to Alan Kemp. *) Bugfix: nginx could not be built with MinGW-w64 gcc 8.1 or newer. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Tue Oct 22 15:49:16 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 22 Oct 2019 18:49:16 +0300 Subject: [nginx-announce] njs-0.3.6 Message-ID: Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release proceeds to extend the coverage of ECMAScript specifications. Notable new features: - Function constructor: : > var sum = new Function('a, b', 'return a + b'); : undefined : > sum(2, 3) : 5 You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.6 22 Oct 2019 nginx modules: *) Improvement: getting special headers from r.headersIn. Core: *) Feature: added new Function() support. *) Feature: added Number.prototype.toFixed(). *) Feature: added Number.prototype.toPrecision(). *) Feature: added Number.prototype.toExponential(). *) Improvement: making "prototype" property of function instances writable. *) Improvement: limiting recursion depth while compiling. *) Improvement: moving global functions to the global object. *) Bugfix: fixed prototype mutation for object literals. *) Bugfix: fixed heap-buffer-overflow while parsing regexp literals. *) Bugfix: fixed integer-overflow while parsing exponent of number literals. *) Bugfix: fixed parseFloat(). *) Bugfix: fixed Array.prototype functions according to the specification. The following functions were fixed: every, includes, indexOf, filter, find, findIndex, forEach, lastIndexOf, map, pop, push, reduce, reduceRight, shift, some, unshift. *) Bugfix: fixed handing of accessor descriptors in Object.freeze(). *) Bugfix: fixed String.prototype.replace() when first argument is not a string. *) Bugfix: fixed stack-use-after-scope in Array.prototype.map(). *) Bugfix: Date.prototype.toUTCString() format was aligned to ES9. *) Bugfix: fixed buffer overflow in Number.prototype.toString(radix). *) Bugfix: fixed Regexp.prototype.test() for regexps with backreferences. *) Bugfix: fixed Array.prototype.map() for objects with nonexistent values. *) Bugfix: fixed Array.prototype.pop() and shift() for sparse objects. *) Bugfix: fixed Date.UTC() according to the specification. *) Bugfix: fixed Date() constructor according to the specification. *) Bugfix: fixed type of Date.prototype. Thanks to Artem S. Povalyukhin. *) Bugfix: fixed Date.prototype.setTime(). Thanks to Artem S. Povalyukhin. *) Bugfix: fixed default number of arguments expected by built-in functions. *) Bugfix: fixed "caller" and "arguments" properties of a function instance. Thanks to Artem S. Povalyukhin. From vbart at nginx.com Thu Nov 14 18:33:22 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 14 Nov 2019 21:33:22 +0300 Subject: [nginx-announce] unit-1.13.0 Message-ID: <2740395.5QxOcPW8OL@vbart-workstation> Hi, I'm glad to announce a new release of NGINX Unit. This release expands Unit's functionality as a generic web server by introducing basic HTTP reverse proxying. See the details in our documentation: - https://unit.nginx.org/configuration/#proxying Compared to mature proxy servers and load balancers, Unit's proxy features are limited now, but we'll continue the advance. Also, this release improves the user experience for Python and Ruby modules and remediates compatibility issues with existing applications in these languages. Our long-term goal is to turn Unit into the ultimate high-performance building block that will be helpful and easy to use with web services of any kind. To accomplish this, Unit's future releases will focus on the following aspects: - security, isolation, and DoS protection - ability to run various types of dynamic applications - connectivity with load balancing and fault tolerance - efficient serving of static media assets - statistics and monitoring Changes with Unit 1.13.0 14 Nov 2019 *) Feature: basic support for HTTP reverse proxying. *) Feature: compatibility with Python 3.8. *) Bugfix: memory leak in Python application processes when the close handler was used. *) Bugfix: threads in Python applications might not work correctly. *) Bugfix: Ruby on Rails applications might not work on Ruby 2.6. *) Bugfix: backtraces for uncaught exceptions in Python 3 might be logged with significant delays. *) Bugfix: explicit setting a namespaces isolation option to false might have enabled it. Please feel free to share your experiences and ideas on GitHub: - https://github.com/nginx/unit/issues Or via Unit mailing list: - https://mailman.nginx.org/mailman/listinfo/unit wbr, Valentin V. Bartenev From mdounin at mdounin.ru Tue Nov 19 14:32:47 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 19 Nov 2019 17:32:47 +0300 Subject: [nginx-announce] nginx-1.17.6 Message-ID: <20191119143247.GV12894@mdounin.ru> Changes with nginx 1.17.6 19 Nov 2019 *) Feature: the $proxy_protocol_server_addr and $proxy_protocol_server_port variables. *) Feature: the "limit_conn_dry_run" directive. *) Feature: the $limit_req_status and $limit_conn_status variables. -- Maxim Dounin http://nginx.org/ From xeioex at nginx.com Tue Nov 19 14:46:33 2019 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 19 Nov 2019 17:46:33 +0300 Subject: [nginx-announce] njs-0.3.7 Message-ID: <4e95bd6b-cf62-24fb-d713-9b29df24c820@nginx.com> Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release proceeds to extend the coverage of ECMAScript specifications. Notable new features: - Object.assign() method: : > var obj = { a: 1, b: 2 } : undefined : > var copy = Object.assign({}, obj) : undefined : > console.log(copy) : {a:1,b:2} You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.7 19 Nov 2019 nginx modules: *) Improvement: refactored iteration over external objects. Core: *) Feature: added Object.assign(). *) Feature: added Array.prototype.copyWithin(). *) Feature: added support for labels in console.time(). *) Change: removed console.help() from CLI. *) Improvement: moved constructors and top-level objects to global object. *) Improvement: arguments validation for configure script. *) Improvement: refactored JSON methods. *) Bugfix: fixed heap-buffer-overflow in njs_array_reverse_iterator() function. The following functions were affected: Array.prototype.lastIndexOf(), Array.prototype.reduceRight(). *) Bugfix: fixed [[Prototype]] slot of NativeErrors. *) Bugfix: fixed NativeError.prototype.message properties. *) Bugfix: added conversion of "this" value to object in Array.prototype functions. *) Bugfix: fixed iterator for Array.prototype.find() and Array.prototype.findIndex() functions. *) Bugfix: fixed Array.prototype.includes() and Array.prototype.join() with "undefined" argument. *) Bugfix: fixed "constructor" property of "Hash" and "Hmac" objects. *) Bugfix: fixed "__proto__" property of getters and setters. *) Bugfix: fixed "Date" object string formatting. *) Bugfix: fixed handling of NaN and -0 arguments in Math.min() and Math.max(). *) Bugfix: fixed Math.round() according to the specification. *) Bugfix: reimplemented "bound" functions according to the specification. From mdounin at mdounin.ru Tue Dec 24 15:14:17 2019 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 24 Dec 2019 18:14:17 +0300 Subject: [nginx-announce] nginx-1.17.7 Message-ID: <20191224151417.GW12894@mdounin.ru> Changes with nginx 1.17.7 24 Dec 2019 *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "rewrite" directive with an empty replacement string was used in the configuration. *) Bugfix: a segmentation fault might occur in a worker process if the "break" directive was used with the "alias" directive or with the "proxy_pass" directive with a URI. *) Bugfix: the "Location" response header line might contain garbage if the request URI was rewritten to the one containing a null character. *) Bugfix: requests with bodies were handled incorrectly when returning redirections with the "error_page" directive; the bug had appeared in 0.7.12. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: a timeout might occur while handling pipelined requests in an SSL connection; the bug had appeared in 1.17.5. *) Bugfix: in the ngx_http_dav_module. -- Maxim Dounin http://nginx.org/ From vbart at nginx.com Fri Dec 27 13:41:12 2019 From: vbart at nginx.com (Valentin V. Bartenev) Date: Fri, 27 Dec 2019 16:41:12 +0300 Subject: [nginx-announce] unit-1.14.0 Message-ID: <10381405.FFVmYgHa4O@vbart-workstation> Hi, I'm glad to announce a new release of NGINX Unit. Besides improving the request routing abilities, this release simplifies operations concerning the Go module. Now it can also be installed with the "go get" command: go get unit.nginx.org/go Mind, however, that it requires the "unit-dev" package. Great effort went into improving the efficiency and avoiding memory bloat in cases where an application generates gigabytes of response body. Now Unit can deal with that without much hassle. We will continue improving the performance and increasing efficiency, as this is one of our primary priorities. Changes with Unit 1.14.0 26 Dec 2019 *) Change: the Go package import name changed to "unit.nginx.org/go". *) Change: Go package now links to libunit instead of including library sources. *) Feature: ability to change user and group for isolated applications when Unit daemon runs as an unprivileged user. *) Feature: request routing by source and destination addresses and ports. *) Bugfix: memory bloat on large responses. We also updated our Docker images and switched them from Debian 9 to 10 as the base, so the language module versions have been updated respectively. - https://unit.nginx.org/installation/#docker-images Python 3.6 module packages were added to CentOS and RHEL 7 repositories, and Python 3.7 package was added to Amazon Linux 2 LTS. Please note that the name of Python 2.7 package in these repositories was changed from "unit-python" to "unit-python27". The Go package now has the same name "unit-go" across all our repositories and depends on "unit-dev". This is the last release of 2019, so I'll use this opportunity to wish a Happy New Year to our strong community. Thank you for your requests, bug reports, ideas, and suggestions. Everything that we do, we primarily do for you, our users. This year, we made 8 releases, with 427 commits to the repository, where 65242 lines were added and 8219 removed. The biggest features of the year are: - Support for Java Servlet Containers, which means that now Unit supports 7 languages - Advanced internal request routing that allows to filter requests by various parameters, including: URI, header fields, arguments, cookies, addresses, and ports - Built-in WebSocket server offloading for Node.js and Java - Isolation of application processes - Serving of static files - Reverse proxying These features establish a firm basis for further development of Unit as a general-purpose web server that is able to perform absolutely any task related to handling and processing web protocols in the most efficient way. This is our ultimate goal, and we are eager to achieve it over the coming years. I'd like to thank everyone who worked hard with me on Unit through the year: - Andrei Belov - system engineer, who maintained repositories and prepared packages - Andrei Zeliankou - QA engineer, who wrote functional tests and ran fuzzing - Artem Konev - technical writer, who wrote documentation and blog posts, improved the website, and sometimes helped us to arrange words in sentences the right way - Axel Duch - junior developer, who improved request routing - Igor Sysoev - senior developer and architect, who worked on request routing, proxying, and many internal aspects - Konstantin Pavlov - system engineer, who prepared Docker images and packages - Maxim Romanov - senior developer, who worked on Java, WebSockets, and internal IPC - Tiago Natel de Moura - senior developer, who worked on isolation features Thank you guys, I'm happy to work with you. wbr, Valentin V. Bartenev